#site-bugs

@strong pumice Get ready for pain
@orchid remnant :D, Good I need a new box to do. I've done almost all of the boot2root boxes

This one is horrible

It has nothing on Monkshood

But it is a pain in the rear end

Same here, don't think it's a timezone issue as going to assume we are on the same timezone
@urban flame I've tested it with every hour, and its not bugged out for me. Its hard trying to replicate this bug hm.

Yeah, same time stamps as @fresh tide but repeated for me, example above - 14 -> 1 ->2 ->1 -> 2 - edit: I answered 7 questions when this happened

@fresh tide what timezone are you in?
@frosty cape As szymex mentioned it got fixed after sometime. GMT +05:00 (Pakistan)

On CC: Pen Testing ... Task 5 - Section 2 Web Enumeration with Nikto ... Question #7 refers to deprecated flag of Nikto. "-update" no longer works.

Oh @covert kernel? 😁

The question should be rephrased or maybe removed, IMO

@covert kernel so here's the thing, it's difficult to remove a task right in the middle of a page without having to re-do all the other tasks atm. It's a limit on the content creators tools side
http://puu.sh/FRsf8/a84ce9d214.png

ATM, only the last question

I understand but it should be fixed

May or may not be easy , true, but the answer is technically wrong

Anyway, I was just pointing it out

hello I have a bug on room of metasploit I tried all numbers between 0-9 and everything is saying is wrong...

@vestal carbon Not a bug, read the question carefully.

Is VietHam a country?

tryhackme.com/profile

lol

it was spelt as Viet Nam before @covert kernel

so i brought it up and it seems that this is the end result

@frosty cape plz fix my 7 days badge plz and also Vietham is not a country it's Vietnam

Done

hey admins, is there any problems with servers ? because it doesn't load tasks in tryhackme.

Try pressing Ctrl + Shift + R in your browser @hallow hamlet (:

same @topaz venture

What room is it you're trying specifically? Try with another browser perhaps?

learn linux

I've completed all the tasks in Alfred, but it's still showing as incomplete for me.

Brainstorm needs a once over. Several members, to include myself, are having issues with validated exploits crashing the brainstorm.exe service, but not connecting via reverse shell. I attempted to use the exact python script I used in the last month to complete the room, and it has now failed several times. Please see #offensive-pentesting-path for additional conversation on the issue.

this is not exactly a bug, but I have been like 4 days trying to get the flag. https://tryhackme.com/room/introtopython the order of the encodements is not very well explained. It firsts says thatit has been encoded in base16 then base32 and then base64, so decoding should be -> base64 -> base32 -> base16. But nope, it is the same way as the encodig, maybe this could be fixed, or maybe I don't really understood the explanation.

That order has confused a bunch of people now. Any chance of reversing it in the task @worthy stag?

Sure, part of the challenge is to figure out which way the encoding is but I can remove that aspect

@spiral flame | James thanks

Just want to point out, that in room BP: Networking there is a mistyped binary number. It should be 11000000 (two ones and six zeros) istead of 1100000 (two ones and five zeros). Because there is written that it means in decimal, 192.168.1.12 but actually it means 96.168.1.12

@hot quartz *96

But yes

oh my bad 😄

@orchid remnant can you pop an extra 0 on there?

Walkthrough room blood showing up on releases?

Confirmed, but it was also released in the challenge slot so big ??? there

Yeah was a bit confused as to whether it should be there

@frosty cape what's up with this?

I've removed it from the releases page.

@frosty cape the bug with the hacking heatmap not showing up to date data is still here

It skips days even though they're returned to the API

Let me look now whilst its there

https://tryhackme.com/p/NinjaJc01 ?

So there are some days in May you say that are not showing, but are in the API?

@frosty cape Nope, the 31st, 1st and 2nd of may/june aren't showing

Chart ends early

Are you sure data is missing?

Checking manually, its showing what the API endpoint is returning

Your profile (05.01) has 25 events inthe API and thats what is shown

Same for the 2nd

Also it wont show 2nd as the day hasn't ended

@frosty cape June 1st and 2nd

Nothing from june 1st on there

Sure, part of the challenge is to figure out which way the encoding is but I can remove that aspect
@worthy stag well, you made it with me almost xD

Oh right, it will appear tomorrow/next day

Its how the heatmap is displayed

I dont have much control over that

It's not displaying the 31st may either

There are days missing.

Okay, I updated it locally to show the most up to date day

Streak bug - "Answer within 24 hours to keep your streak", this makes it sound like if I answer right now I will keep the streak, despite not answering after midnight 🙂 I would hide this message until the next day, so it says "answer in 8 hours to keep your streak"

^ Not a bad idea

Its add too

Hey, could you please fix this in Fowsniff CTF room? Thanks

@frosty cape https://tryhackme.com/room/injection fonts broke

Using serif for me

same ^

@spiral flame You beat me to it, was just about to report that 🙂

@frosty cape https://tryhackme.com/room/injection fonts broke
@spiral flame Try now?

This will be fixed when I move it over to markdown

It's trying to use ubuntu mono, monospace

But it's not rendering it as that

Mind trying again for task 1?

Ok, so it's overriding the inherited style with just "ubuntu mono" with no fallback

Still nothing

@frosty cape

I’ve been having an issue with Brainpan1 where my exploit just crashes the server and doesn’t open a reverse shell. I’ve looked at every walkthrough and copied their final exploit and same problem. I believe this is a bug with the box, but would be welcome to know if I’m just doing something wrong!

Lost my 6x streak.. Around 8 hours ago it was showing 18 hours but now streak went to 0 while on profile it was still showing 6x streak and after answering a question it went to 1.

@vocal raptor
Shodan room, Task 4 Question 5; The current answer is not the top one
PoC: https://www.shodan.io/search?query=asn%3AAS15169+country%3A"US"+city%3A"Los+Angeles"

oops, yeah the answers change a lot. i cant currently log into THM but i'll fix as soona as i can 🙂

nice

Lost my 6x streak.. Around 8 hours ago it was showing 18 hours but now streak went to 0 while on profile it was still showing 6x streak and after answering a question it went to 1.
This ^^^

@fresh tide Skidy is aware they're buggy

i was hoping to get that 7x streak badge today 😦

You wouldn't have recieved it anyway

It doesn't award properly

I have a nearly 2 week streak atm

But it's not tracked

GG

hi

You wouldn't have recieved it anyway
@spiral flame the 7 day streak awarded me the badge... badge reward is slightly buggy too

@median dome you around to talk about injection?

Yeah

Sup

What did I do now lol

@median dome DM?

Sure

hey guys i think we found a bug in koth : space jam

where you can get 3 flags

@wind wave you mean submitting the same flag twice?

or you found a 3rd flag?

same flag twice i guess and it will show 3 flags

Known issue

Discovered by @fresh tide and I

It's been reported, and is hopefully being fixed soon

if you can reproduce it, just abuse it for points

Don't do that

oo thanks for notifying me

i am doing a private one with my friends

I wonder if you did some dumb thing like i did 😄

But Ninja found the proper way to abuse it

Is the Steelmountain room broken? (the machine)? Left it half-way through this morning, just re-deployed (twice) and I can't get to ping, connect, anything...

Nope.

It probably won't ping, it's windows.

I truly mean it, I managed to connect today, know how to get in... but now it seems 100% down, not even the webserver is up (:80)

#site-support this will be a VPN issue

Ok, truly sorry. as always... classic mistake

yeah

The badge jpg file cannot be added in linkedin profile. It says Sorry, we were unable to blah blah. any workaround?

Linkedin expects a link, you're providing a file. This isn't a THM issue.

there is a typo in the Vulnversity | [Task 4] Compromise the webserver |#3 "Click on "Payloads" and select the "Sniper" attack type." - "Payloads" should be "Positions"

no I am providing the aws link that is there in the public page.

Same thing I do with my stackoverflow badge.. it works with no problems.

I think this is a thm issue, because when you open the s3 link it automatically gets downloaded. so basically it means it uses application/octet-stream as mime type. Which is not image from a content type perspective. That's why it cannot be added in linkedin as link.

But it should, badges exists to add to some signature or profile or something. Otherwise it doesn't have any use really.

I'm not able to connect to the EU-VIP-1 vpn these last few days! its giving me an error

@novel carbon #site-support

okidoki

Email title when your sub expires said you cancelled it

I didn't cancel it, it just expired

Also I got an email asking me to subscribe. I renewed my sub already

@frosty cape

@covert kernel mind deleting most of it and censoring emails?

it's just people using emails as usernames

I have deleted it

👍

i think i know what route it is

@covert kernel mind deleting most of it and censoring emails?
@short jackal but it's public

Probably better to disclose things like that through the appropriate means, rather then pasting onto here @covert kernel

yeeah

pardon

also i wouldn't want my email randomly posted in a channel on discord

File a report with all of that to hello@tryhackme.com @covert kernel. It'll be handled better there. @short jackal pinged skidy so he'll be aware - but it's best placed there

also i wouldn't want my email randomly posted in a channel on discord
@short jackal so i can't even link to profiles ?

That's very different

what i posted was just usernames

these were emails that acted as usernames
still, they were emails

^

That is still very different to linking to profiles.

so can i link to profliles?

yes

delete this too?

Yup

Yikes

Thanks for letting us know

file a report on over to hello@tryhackme.com with it all, but I'm raising it too

sorry for my attitude

i'm an idiot

All good, It's just all about responsible disclosure 👍

Saw the confirmation of brainstorm, just wanna bump brainpan1 for either a confirmation or disproof

I know brainpan has been flagged, there's discussion about it - I don't know either way I'm afraid (:

When I say discussion, as of a couple of hours ago so...

Got it! Sorry for the spam, thanks for the response!

👍

I'll check Brainpan quick. Brainstorm is filtering the 9999 port and making it unusable, as well as FTP issues.

Brainpan works fine.

Thanks for taking the time to check @autumn wave (: mucho appreciated

Hmmm... when I try it with your walkthrough code it just crashes it for me 😦 @autumn wave

If you want we can walk through it in #offensive-pentesting-path

Can I ping you about it tomorrow?

Sure that'd be ok.

Great, thanks! 🙂

You're welcome.

execuse me,i need answer in room CC: pen testing task 7# What option sets the architecture to be exploited?

Wrong channel #room-hints

https://tryhackme.com/room/webappsec101 These links are broken ---> https://www.owasp.org/index.php/Forced_browsing , https://www.owasp.org/index.php/Path_Traversal

it works right? i can open it. it automatically 302s to another path.

hi i have a question

my kali machine keeps asking for username and password

it is not my login and password

it works right? i can open it. it automatically 302s to another path.
@ebon oyster weird, doesnt work when I click on the link in the room

i just dont know how to fix it

I'm having the same issue

@spiral saddle u can get the username password in https://tryhackme.com/room/kali room

@spiral saddle I was able to ssh to it but not use the in browser version

@outer copper i was trying to use the in browser version but they are giving me this error

On hackpark I keep getting detected even with -Pn

i think i went unnoticed: there is a typo in the Vulnversity | [Task 4] Compromise the webserver |#3 "Click on "Payloads" and select the "Sniper" attack type." - "Payloads" should be "Positions"

Doing the Dumping Router Firmware room, and when look at the builddate, it seems to changed from when the room was done. When i cat builddate i get || 2020-04-22 11:44 || but correct answer is || 2018-05-01 18:10 ||, Same with version, i get || 2.0.3.201002 || when correct is || 2.0.2.188405 ||

Someone already reported this if I remember correctly.

Oki.

Didn't find anything except something about firmware not available on Linksys but had to get it from the github

execuse me,i need answer in room CC: pen testing task 7# What option sets the architecture to be exploited?.Please help me

@manic ice wrong channel

try community hints

@manic ice We don't provide answers.

my streak broke once more

even though i answered a question last night

it should be 15 including today

I lost my 7x 2 days ago as well ^ 😦

I lost my streak as well, but I managed to get the 7day badge

then help me if you know that channel ,i stuck on that question.Thanks you so much.

@manic ice #room-help or #room-hints

@vocal raptor
Shodan room, Task 4 Question 5; The current answer is not the top one
PoC: https://www.shodan.io/search?query=asn%3AAS15169+country%3A"US"+city%3A"Los+Angeles"
@olive drum The answer hasn't changed, since the answer in this query == the answer in the task 🙂

However, linux 3.x is only 1 server away from being at the top so I suspect it might change over sometimes

I'll change it to "Linux 3.x" and have the hint as "top linux"

Oh yeah, maybe, but yesterday it was showing linux 3.x as a top one

🤷‍♂️

it's a nightmare room for maintenance, everything changes all the time 😦

yeah I know 😄

@median sapphire thanks you XD

@short jackal maybe i can use your API wrapper to automatically update the room

I'll change it to "Linux 3.x" and have the hint as "top linux"
@vocal raptor also the top country question was broken

Iirc the top country had 38k servers and the 2nd top had 6k last time I checked

What is it now?

when i did it the correct answer was ||EU|| but shodan said HK

Don't do that.

Room:
https://tryhackme.com/room/eritsecurusi

first command to get the shelll doesn't match the wget command.

They should both match either as cmd.php or c.php

nc not ncat

I mean technically it would still work, since ncat is a real thing(from the nmap project) 🤷‍♂️

other PORT *

still shows completed rooms

@hard horizon Wait for the rooms to load otherwise it breaks the filters

Known issue

@spiral flame Thanks

there is a bug on my window right now

@raw nacelle No. This channel is for TryHackMe bugs.

can somebody run a quick zap scan against the machine in RP: Web Scanning. i dont get anny results for xss. is it me or is there a bug. thx in advance

@covert kernel known issue.

ok so i have to look the answer up in aa writeup ?

They shouldn't include answers

Corp box: when you crack the AS-REP hash and get a password, I feel like that user whose password you cracked was not intended to have local administrator / domain admin, as the next step is supposed to be privilege escalation using PowerUp.ps1 and a panther unattended.xml

Those are two very different things which is it a local or domain admin and just because you crack an as rep hash doesn’t mean they’re a domain admin

^

Obviously not. So, I kerberoasted and got a hash of a user. Crack the password. The next step looks like they want me to privesc to administrator for the root flag. But, as that user, I can just go get the root flag. I did whoami /priv and I'm local admin and domain admin, I feel like that is in error

otherwise whats the point of running a priv esc on an admin account, you are already escalated... the privesc is unnecessary, they could just submit the root.txt flag..

you’re mixing up a lot of terms and I’m a little confused now what room is this?

sorry didn’t read

what user did you get from Kerberoast

Corp\fela

then it instructs me to use powerup.ps1 and find a panther unattended XML to base64 decode the admin password. But when I logged in as fela, I already have access to get the root flag as I am a local admin and domain admin, I figured it wasn't supposed to be that way

I just checked the room it’s intended

you’re supposed to be have access to that flag for fela but there is another flag for another user that you wouldn’t even be able to see unless you priv esc to that other user

well it worked for me, I turned in the administrator flag by base64 decoding the panther unattended.xml file, but that was not needed to read the root flag, i guess it doesn't matter... but usually the reason you want to Escalate privileges is because you don't have them already

so if you have full privileges, there is no priv esc needed

I think I know the issue it is a bug but it shouldve been fixed @covert kernel the bug where you can read the administrator flag from the fela desktop I thought you fixed it

Huh?

Corp isn't my box @cinder crow

what what when I was reading the write up they said they talked to you about the bug

Huh?

They may have talked to me about it but what am I supposed to do about it?

The box creator would have to upload a new ova fixing the bug

I thought it might have been yours whos is it then?

I have no idea

well then 🤷‍♂️

@cinder crow Corp?

redirect that to Felamos

copy

@stone flint when you have a moment can you please either dm me or message me in the creators lounge about corp admin flag bug

Seems to be a bug with
"Attacktive Directory" When trying to brute force the username with kerbrute for task 4 question #2 the answer does not appear in the names that show up.

you mean you got the answer right and its just not on that list or youre assuming because you havent been able to find the answer its not there?

yes..I got the correct answer.. although by the method it is asking.. the answer is not showing.

kerbrute is not showing the correct answer

did you use the provided wordlist?

yessum. I even created a wordlist with just the correct answer and it still did not provide the correct answer.

I was thinking it could be the version of kerbrute but.. it shows the other names..

did you get any answers at all on both attempts?

not answers but users

so the worldlist that was provided shows other vaild usernames just not the answer that its asking for.

thats odd I dont think that he changed it all recently so it might have just not booted with that user for some odd reason a terminate and redeploy will probably help

yessum.. I have done that 3 times... Let me log off and back on.

let me spin up the machine real quick

I can send a screen shot if needed

just ran it it is in there not sure why its not working for you

if you could that would be helpful

would you like me to post it in this chat?

Sure

I blocked the answer but its there... in the fill being used.

I tried sorting the list and a few other things... same issue

hmm not sure because it worked for me and you said you redeployed 3 times @hazy stratus any ideas why this is happening?

no clue why that'd be happening

i'd try putting it in a file by itself and test it

This is odd I mean as long as you got the right answer 🤷‍♂️ I’ve never seen that happen before though

he did that

same

I wonder if latest version of Kerbrute borks it?

you could try svc\-admin and see if that works

trying that now

svc-admin
svc\-admin
"svc\-admin"
"svc-admin"

there's a couple things you could try

nope for all

made a seperate file with just those and nothing

1 sec

lemme pull the writeup and cross check kerbrute versions

https://github.com/ropnop/kerbrute/releases/tag/v1.0.2

try this version

also, by chance did you happen to build from source?

I used the version provided in the link and used kerbute_linux_386

the link in the room

should be kerbrute_linux_amd64

let me try that

i386 is for 32-bit processors, i don't anticipate it having issues but you never know..

no sir same issue let me try an older version

gosh darnnit haha still doesnt work with the v1.0.2 kerbute amd64 version

that's weird to say the least -- ill do some testing tomorrow morning

thank you.. fyi kali linux 2020 virtual box

BUG: Clicking KOTH join links AFTER the game has ended still adds you to the game, with no possbility of scoring for it. Suggest join links re-direct to the public page, with a banner that the game has now ended.

already submitted, should be fixed soon™

(Annoyingly, it wrecked my stats!!) 😄

(Annoyingly, it wrecked my stats!!) 😄
@fresh lynx Well there are no stats for koth except for those 5 games showing up.. (unless you are saving GameId's like me.)

Yeah, just personal record - not public

time to scrape all koth games and grab the results to make an unofficial scoreboard on hacks.computer

@short jackal Is that a domain you own? 👀

yeah

rn i only have a koth overlay there with stolen borrowed assets from thm

the css broke tho, i need to tweak that

@short jackal Are you screen scraping or using part of the api?

rn i only have a koth overlay there with stolen borrowed assets from thm
@short jackal ~~I stole my profile picture from THM ~~ 😇

@short jackal ~~I stole my profile picture from THM ~~ 😇
@median sapphire ik

@short jackal Are you screen scraping or using part of the api?
@fresh lynx API, i made a wrapper

Pls share 🙂

#resources, it's few messages above the recent ones

more than few

Funnily enough, I asked 5 mins ago in general for api docs 🙂

only few routes are documented on the docs page and they're an external API for deploying

this is all achieved from my hours of scraping+saving routes

That is annoying!

tbh it was fun to deobfuscate the js scripts on most pages and grab routes from that

Yeah.. Sorry, can you point me to where it is? Not seeing it in scrollback

https://discordapp.com/channels/521382216299839518/554713196804440101/717304273309925376

ta

(This is really great @short jackal )

:)

How can I Exit from a non free room?
I did not subscribe but I have Linux challenges in 'my rooms'!

How can I Exit from a non free room?
I did not subscribe but I have Linux challenges in 'my rooms'!
@rocky wind yeah me too

@frosty cape Site's really slow answering questions...

its normal? the kali browser

Thats not normal - its also over http and not https?

same

was trying to get the error msg by burp (due to it reload faster than eye could see)

here what it look like at my access kali machine

Would you please mind terminating and redeploying the machine?

well i did several time

still same issues

there are error.. but i couldnot capture it

Let me take a look into it, whats your THM username?

radicz

Okay great, so now please terminate all running instances you have running.

Wait a few seconds

Then re-deploy

ok wait

still the same

on https://tryhackme.com/room/zthobscurewebvulns - there is a spelling error. "JTW" at the top and JWT a little lower on the page.

I swear I've already yelled at Pars for that

Fixed 👍

Pretty sure my streak increased by 2 today

Anyone having issues accessing the new room?

“Owner has made this room private”

It shouldn't be?

try now?

It's set to public and unlocked

Oh, Ashu got there first 😆

Sweet, working now. Thanks

which difficulty is this?

@sly raft Entropy has a different difficulty between the room page and the releases page -- which is it meant to be? 🙂

also..

Think that’s part of the lab 😊

No, it's just borked

^

raised it

Ha really

yeah lol, in general

i ponged the dev

@covert kernel what software are you using to rdp?

that's remmina

thanks, I was gonna use rdesktop but i'll install remmina

remmina is really good

the current room is borky

yeah I couldn't rdp using creds either

xfreerdp is better than all 😉

i ❤️ remina

will check out xfreerdp though

mstsc 👍

I ❤️ Xfree @sly raft

@orchid remnant Entropy still shows as private for me, by the way why is there no announcement for new room release?

there was

but the room is borky

any known* rockyou*

^^ room https://tryhackme.com/room/authenticate

• I am locked there like this:
  https://gyazo.com/a18624536956977320df43c8d99e9e08

Room https://tryhackme.com/room/rppsempire Task 5 Question 8: is wrong. the answer format shows three slashes and the answer that the question expects is not what my console reads. Answer starts with python/** but console reads powershell/*

ermmm

still getting the error on my kali browser

???

@frosty cape when you wake up

these what it look like

ah.. its browser problem

last time it work on brave... but somehow it doesnot

Skidy uses brave iirc so he'll probably be interested

Not important but in the general tab for managing a room, "were" should be "where" in publicly accessible

@small kestrel Empire was updated afterwards and the answer changed.

Expanding on @covert kernel’s submission

@topaz venture that's great. I still have some stuff to add. Not much of a programming thing without the programming...

Submitted (:

https://discordapp.com/channels/521382216299839518/685858111952781324/718739176622653441

Oh haha. That's even better!

Look forward to seeing your room in the queue!

Definitely

Though, I was contemplating on asking you for a bit of advice with the programming section

Pickle Rick Write up in hackback2019:
https://tryhackme.com/room/hackback2019

@fresh tide Yeah, hackback2019 is a collection of rooms

pickle rick is one of the challenges there

oh ok

my B

I see you updated your roles 🙂

aah just people like getting answers from 0xD instead of a 0x9 soo 😄

Imagine being a mod

That assumes that I’m right

People just take my word it’s great

in hackback2019:
https://tryhackme.com/room/hackback2019
Task4 Q#5 First Flag is not being accepted while the same flag is accepted is JuassicPark room

I've already reported that one 😁

I've already reported that one 😁
@median sapphire oh ok

@distant sage Not a bug, the room is designed this way.

I know it isn't, but why

The room was designed this way, if you know it's not a bug, then don't post it in #site-bugs.

ok

Juice Shop room

Which task @olive drum?

Found it

Sorted 👍

nice!

doing to

start of

These are both in Vulnversity.

it is a bug guys? Box Learn Linux

cat: /etc/shiba/shiba3: Permission denied

if i run ./shiba2

@covert kernel not a bug. You broke it.

Hi, I'm doing ICE box today but it seems that the box is not giving me the proper privilege when I do getpriv in my shell. What should I do? Tried all the privs given to answer the ICE box questions but it's all wrong. Thanks.

#room-help @buoyant dagger

Oh. Thanks! @spiral flame Sorry.

did Thanos snap his fingers on my points :c

Walkthrough vs challenge

2 snaps @rare swallow

25%

yeah

but still, 150vs 62

i think points need another recalculation

They do

Skidy knows

I've made him painfully aware

is this normal?

is this normal?
@buoyant dagger Which room?

@buoyant dagger Which room?
@orchid remnant from Fowsniff CTF

*sigh* Naturally

Thanks

Check it now @buoyant dagger?

Oh Goddamnit Skidy and your xss filters

Not that they aren't our fault, granted

But still

Hehe, I did one better 😁

Who knew that worked in hints

Refresh and try now?

It's fixed. Thank you.

Should also display the actual machine IP now if you have one deployed 🙂

Np

in the XSS room, Task 5 Q2, the onhover event doesn't exist...

I mean it's an attribute iirc?

it should be onmouseover

Oh hover is a css psuedoclass

yes

the checker is a bit finicky

Onhover is used random places in mozilla docs

Not a real thing though

yeah

hence why I'm posting in bugs 🙂

also the code for the keylogger seems to crash the server...

one very weird bug I got is that the browser timeout doesn't match the actual timeout.

even if it says 10min in browser it doesn't mean that 10min is remaining.

@spiral flame if that XSS filter gets removed we're just gonna break it again 🤣

Not that I disagree

@orchid remnant another bottle of whiskey? Let's go

You're on 😁

Not sure if this is the right place, but for "Network Services" room > Task 9 > Question 1 asks how many ports are open on the target machine. The accepted answer is 1, but I am seeing 2 ports open from my nmap scan.

Does it specify a port range? If not, then I'd say this is the place

It does not.

"Run an nmap scan of your choice.

How many ports are open on the target machine?"

Did you happen to do -p-?

I did not.

Hmm

I'm very new to all of this. I did nmap -v -A

We all begin somewhere

It's been a blast so far. Just for more information its showing 21 and 80 open on my scan. I only knew it was 1 because the following question is worded "What port is this?".

found this at google dorking room

Thanks @buoyant dagger I’ll fix it shortly (:

Thanks @buoyant dagger I’ll fix it shortly (:
@topaz venture Thank you.

Hi Gentelemen,

The b64.txt downloadable file in Task1 in room : Scripting is empty

has anyone looked into it ?

are you sure it's not extremely large and you can't open it?

because i cant open it in a GUI as the file is too large

I just checked, I can confirm that b64.txt from room Scripting is not empty 🙂

my bad,

I just confirmed so

@vocal raptor thanks for the heads up

Is it possible that Christmas XXS machine's automation does not work properly: admin's authid did not pop up in my logs after 2h of trying harder (restarted the machine multiple times and used different XXS payloads, checked the example from @orchid remnant 's write-up)

It does work

But often listeners don't work

I've tried both netcat and nginx's access.log before posting, will re-try again. Thanks

There is a issue on the reverse elf files challenge

@frosty cape My streak cleared, but heatmap still shows it as being fine

Did you answer a question? Because the heatmap shows events if you have: downloaded a file or deployed a machine

Streaks need questions answered to have them remain

@frosty cape Why the disparity? Doesn't make sense to me

Otherwise people would automate: Logging in and deploy machine, then leaving

At least with answering a question (even if its 1 a day) it requires a little more thinking.

The idea of streaks isn't to prove you're active on the platform a loads (a users heatmap shows that) but to build up a 'Learning streak' ("Learn something new everyday").

hi i found bug

the badges stay on the top layer if I turn on the saddle notifications

Why are you using Windows 7? 👀

Windows 7 OG

windows 7 ❤️

eternal blue anyone 👀

Always just redeploy and try again

For that one

@pine quiver Swafox is not asking how to exploit eternal blue, they are a 0xD God, they said eternal blue because Windows 7 by default is vulnerable to ms17_010, and Hooper is using windows 7. 🙂

Oh my b

Well in case you had a question on that 😉 @olive drum

Swafox is not asking how to exploit eternal blue, they are a 0xD God, they said eternal blue because Windows 7 by default is vulnerable to ms17_010, and Hooper is using windows 7. 🙂
@median sapphire exactly! good explanation 😄

Not really a bug but more likely a misconfiguration of the box? in the room 'Introduction to Django', the usr we have access to 'django-admin' can read the user.txt in another home folder but also run any command as root. It's not a big deal but it does make the hint in the user page on admin panel with the hash a bit redundant. Just a heads up @olive drum . Great box otherwise. Learned a lot!

That's intentional, I think, I escalated to root as well.

@median sapphire maybe intentional but by going through the trouble of hosting a hash on pastebin for that other user's password I thought it may have been a mistake too.

@covert kernel thanks for the feedback! root was given on purpose because the point here was to test your understanding of basic things like settings, command manager and so on. The hash was put as a 'hint' for those who didn't check the other user's folders beforehand

and also, not everyone checks if they have sudo privileges right away 😄

@olive drum, can I DM you? I had the feeling there was another hidden flag but would like your confirmation

sure

it should be added automatically, @frosty cape could you take a look when you have time?

@thorn viper Yeah its automatically added - whats your TryHackMe username?

Here please:)

hey, I think there is a bug on the machine available to learn Linux

DeadShot22
@thorn viper I found the bug that stopped you getting the badge and fixed it. I also gave you your 7-day-streak badge:)

@steep wraith What's the bug?

"The actual binary will check for two things, it will be checking that there's a directory called test in your home directory, how you create that is up to you. It will also be checking that inside the directory there's a file called test1234."

but they are already created

Yeah, that's a bug

Paradox being lazy

and I can't find shiba4.bin but it may be my fault

:p

It won't be called .bin

But it's there

ok thx 🙂

Re-verify again with the bot.

They will be updated automatically soon™️

Not really a bug but every time I deploy a room and try to copy the machine's IP there is an additional space that is prefixed to the IP. Can anything be done about that?

double click on the ip

then hit copy

Thats what I do

@elder olive It's already been reported before.

Has it already been mended?

@elder olive It's already been reported before.
@median sapphire Oh wow nice

Thanks

Not so much a bug as some display awkwardness, but on mobile, the 2 hamburgers are probably a touch confusing

Oh, trust me, we know

The site is not mobile optimised right now...

unfortunately I'm on my phone very often.. its not an enjoyable experience lol

if you are using chrome there is an option to run as a Desktop site.

Not really a bug but every time I deploy a room and try to copy the machine's IP there is an additional space that is prefixed to the IP. Can anything be done about that?
@elder olive This thing is still happening

@elder olive do you expect things to be fixed instantly?

@elder olive It's already been reported before.
@median sapphire
I assumed this was long ago

My bad @spiral flame

Hello, I am currently on "xss" box, I have successfully popup alert, but the key is not shown

On task 8, challenge 2
Input value <IMG SRC="/" onerror='aler&#x74("Hello");'>

Did I do something wrong?

It's a known issue

Oh

Any hint on the other way to inject script into the input?

#room-help #room-hints

Ah, alright 👍

why i should add my Credit Card every mount ? my card is on file but every mouth i should add it

What?

No

The payment will recur, using stripe

i added my card , but its not auto renew

i receive email cancel subscription and should add my card again

I think there is a bug in Powershell room, I found the answer for Task 3 Question 3, same answer in the walkthrough but I cannot validate the answer...

?

Show pic

Discord fails to upload my printscreen... I tried 3 times

Wait I'll try another way

Nope.. It fails

https://we.tl/t-p4eSh6XPcW

See? @pine quiver

That means your answer is wrong

Who says the writeup is correct?

Ya that answers just wrong @spiral spire

But it's the same in walkthrough?

So walkthrough wrong too ?

As I said

Who says the writeup is correct?

Anyone can create and upload walkthrough without any validation?

Writeups shouldn't include answers at all

Not every room creator verifies every single part of a writeup

Ok (y)

👍

another bug find

@steep wraith ????

That's not a bug

Nmap can't detect the os

Yes it can

The question is asking for the distro anyway

But it literally says linux in the fingerprint

sry im new i delete ^^

@versed yarrow did you get the flag? im stuck at xss room ->filter evasion -> challenge 2 too

check the attached resources, there's a few hints for challenge 2

Is there a memory leak or some other allocation bug in the hackernote room? every subsequent login attempt with a valid user seems to take more and more time

I tested it as a non subscriber and it works fine

I haven't changed anything

@celest edge I've thrown a hell of a lot at that box, and it was fine

took me 15 seconds to log in

with the correct password

on the webserver part

That's really really weird

Because it's normally like under 2 seconds

Terminate and redeploy

yeah it's fine for the first 8 or so login attempts with a correct user

the password check takes longer and longer...

let me log some timing with my script

❯ ./password-checker.py 10.10.117.80 wordlist.txt ***** 1
POSTING http://10.10.117.80/api/user/login with *****:amber0
Response time: 0:00:01.525370
POSTING http://10.10.117.80/api/user/login with *****:amber1
Response time: 0:00:01.512899
POSTING http://10.10.117.80/api/user/login with *****:amber2
Response time: 0:00:01.515757
POSTING http://10.10.117.80/api/user/login with *****:amber3
Response time: 0:00:01.511456
POSTING http://10.10.117.80/api/user/login with *****:amber4
Response time: 0:00:01.527331
POSTING http://10.10.117.80/api/user/login with *****:amber5
Response time: 0:00:02.295157
POSTING http://10.10.117.80/api/user/login with *****:amber6
Response time: 0:00:04.751897
POSTING http://10.10.117.80/api/user/login with *****:amber7
Response time: 0:00:07.646025
POSTING http://10.10.117.80/api/user/login with *****:amber8
Response time: 0:00:15.311110
POSTING http://10.10.117.80/api/user/login with *****:amber9
Response time: 0:00:15.198678
POSTING http://10.10.117.80/api/user/login with *****:beige0
Response time: 0:00:17.720299

caps to about 15 seconds

and I'm not even hammering very hard

if I punch at it a bit harder it just gives up

That's really weird

Considering it works fine for me and everyone else

I'm not saying it's your script

I'm just poking at it with python and requests

But it looks like the time difference is the time it takes to verify a password

couldn't get hydra working, so I adapted the login username checker script

I haven't seen this before

So, terminate and redeploy. I'm not saying it's user error, I'm just saying no one else has had this issue

I have been, I can reproduce

this is a fresh machine

Weird, DM me your code

Because I genuinely haven't seen this before

it's terrible, I'm sorry in advance

@frosty cape Did you push the private room points fix yet?

Hackpark is only available for 1 hour....so so annoying and frustrating. Even when you try to extend the webserver stops responding.

anyelse had the same issue?

@elfin wing Known issue.

You need to speedrun the box

You can exploit it very quickly, creds etc don't change

@frosty cape Did you push the private room points fix yet?
@spiral flame Yeah, private rooms don't give you points (on your main account score)

There's still people on the leaderboard that exploited it massively

A point recalculation is coming 3-4 weeks time

https://tryhackme.com/p/elli0t43

When you make changes like this, they need to be retroactive

When you make changes like this, they need to be retroactive
@spiral flame What do you mean?

That person has completed 25 rooms

12 public rooms

And has an insane amount of points

He's also a 0xD God

And has an insane amount of points
@spiral flame I debunked his points for now.

There is something broken there.

But as I said, 3-4 weeks time everyones points will be recalculated using only public rooms.

@spiral flame The search works for me 🤔

@median sapphire In my rooms or hacktivities?

Oh

In hacktivites

Exactly

It doesn't work in My Rooms

Oops, sorry for that

Any particular reason we're pushing the deprecated version of Python?..

@frosty cape python3 -m http.server 1234

Any particular reason we're pushing the deprecated version of Python?..
@orchid remnant Nice spot, thanks:)

py2 best python @orchid remnant

py2 best python @orchid remnant
@hazy stratus I mean, I used to think that too. Then I figured the world was leaving me behind...

I guess it's probably time to stop using Borland Turbo Pascal 7.0 then

oof, im old

the world doesn't want to move on from py2

only python dev's do

hey all, just a heads up trying to do the Introduction to OWASP ZAP and the VM keeps crashing due to load from ZAP but im just following the tutorial

might want to up its power for others

Any particular reason we're pushing the deprecated version of Python?..
@orchid remnant python3 is the only python on my system, so python == python3. get with the times, nerds

I should hope so too!

hi, tryhackme rooms(any rooms) are not showing the images, anyone know how to fix?

They're normally served from imgur. If they're not displaying, it's on your end

pffs, always like that :/

check your dns

some ISP block imgur lol

try going to https://imgur.com/ @quaint pier

please read the rules @quaint pier especially rule 1

k

ty

it's a problem on your side, check with a different browser

different browser same thing

Sounds like it's being blocked by your ISP. Out of our control. I recommend you try different DNS servers etc, but this isn't a tryhackme issue

its fixed ty

hey i have a weird bug on Common Linux Privesc, task 4, #6. The answer I put it returns "Uh Oh undefined"

there are two burpsuite rooms that give you the "Burp'ed" badge; Learn Burp Suite && RP: Burp Suite

The later is replacing the former

Speaking of, @frosty cape Path replacements etc?

i figured, so if I complete the new one before the old is removed, will I have two Burped badges?? 😛

Only one way to find out

Would be cool if you did

go ahead and use powershell***

room: https://tryhackme.com/room/corp

Which room @rare swallow?

fixed @orchid remnant

Huh? Who fixed it?

no, i mean i added the url

Ah

Well

I fixed it

lmao'

i believe this should be 'Start Live Capture' #10/#4 RP Burp Suite

@rugged ermine

@rugged ermine -- I assume you'd prefer to keep RP to yourself 🙂

Yeah I'll fix that in a sec haha

Speaking of, @frosty cape Path replacements etc?
@spiral flame Its already been replaced? Wasn't me, must have been Ashu or Dark:)

delet the old one then

or make it private

i figured, so if I complete the new one before the old is removed, will I have two Burped badges?? 😛
@light jolt can confirm that you do not get another badge D:

there is a problem with the RP: Web Scanning room, I am not sure if I have done something wrong while using zap but it does not display the answer for question number 8 from task 3, I had to research the answer for it and indeed it is not showing for me, could you have a look into it because I am pretty sure I have done all steps right, thank you !!

If it's the xss thing, known issue and it's being investigated @proven frost

yes it is thank you !!

The Question #x is off center :(

Peak Hill - I tried to head the ||pyc|| file and it seems to have encoded the terminal, here is the output of an ls -la. Can be fixed with reset. Not sure if that's a bug with the python file but interesting anyway.

i think you broke something yourself

you borked the borked bork

room/jokerctf dumb "lsd" is crashing

RP Burp... Typo hsould be highlight?

task 9

I'm not sure where the issue is there @covert kernel

"highly" @rugged ermine

Should read highlight

ooooh go catch

👍

Fixed, thank you for posting that :D

Got an issue with Authentication box from the Web Fundamentals path, I'm upto the JWT bit and following the tutorial but the box isnt returning a JWT token like expected? I've stopped and restart the box and it made no difference?

I can change it to undefined if i dont put any usernames in

You are rewarded a badge and random security gift, if you come 1st place at the end of the month!
I got no badge and no gift, maybe the message should be changed? 👀

@frosty cape

contradictory rules...

The docs need to be updated 🤔

I will submit a PR updating the docs tonight @covert kernel thank you for letting us/me know (:

welcome. just doing my part (because lord knows i can't write a machine so i may as well find other ways to contribute)

may want ot update it all.. there is no "readies" function additionally... says that a lobby is 6 users.

Hehe for sure! Although that ain't to discourage you from developing rooms! I/we appreciate you recognising issues like this in other sections of the site (:

I got no badge and no gift, maybe the message should be changed? 👀
@sullen vessel Yo flan, DM me, lets get that sorted:)

should i just compile a large list of spelling errors and send them out in 1 shot? is that the easiest method to get these submitted?

Sure?

👍

for now, on the VPN page, "its safer for you" needs to be "it's safer for you"

Intro to x86-64 has a correct password collision for the crackme2 binary

Shodan.io [Task 4] Google & Filtering #2 What is the 3rd most popular country for MYSQL servers in Google's ASN?
2 top country
?

I really don’t know why this still hasn’t been fixed but it’s known @covert kernel

@vocal raptor?

I really don’t know why this still hasn’t been fixed but it’s known @covert kernel
@cinder crow Wasn't known to me, but it's fixed now. Shodan updates all the time, I can't keep up 😓

its been like that for at least a month

no ones told me ;-;

but i fixed it anyway

I didn't realize it was your room

@covert kernel fixed

@covert kernel fixed
@cinder crow Thank you

❤️

Shodan.io [Task 4] Google & Filtering
#4 Under Google's ASN, what is the most popular city?

1 sec

None of those are cities

so its not a bug

🙂

Shodan.io [Task 4] Google & Filtering
#4 Under Google's ASN, what is the most popular city?
@covert kernel Sorry I meant, none of those in the screenshot you sent are cities, so it's not a bug 🙂

I have just confirmed that the answer for task 4 question 4 is right, just in case 🙂

is this the right area to ask for assistance?

no, if you need help on a room #room-help if you need help with vpn #site-support @covert kernel

Got an issue with Authentication box from the Web Fundamentals path, I'm upto the JWT bit and following the tutorial but the box isnt returning a JWT token like expected? I've stopped and restart the box and it made no difference?
@wanton copper any1???

make sure your encoding is NONE

@wanton copper

oh gotcha. so you need to type in both boxes

you can either use burp to intercept

or just use your normal browser and check your cookies, a jwt token should be in there

@rare swallow thanks, I did try both boxes, was using burp but not sure what the encoding setting was will check again tomoz

Could not make SMBv1 connection ???how get this work

@regal robin #room-help this isn't a bug

im sorry can you guys guide me to this

@regal robin #room-help

👍

machine not deploy helpme

it's a windows box

it does not respond to ping

@olive drum i think there is some text inside the help menu

yeah

I think that should be task > Hacking with Powershell

Apologies if this is a known bug, but completing the "Complete Beginner" path to 100% does not complete the room

I clicked through all sections of the 21 subrooms to ensure every task was completed

Weird

@frosty cape is this expected behaviour?

The Burp Suite room was modified/changed after my first completion, but before I completed the entire path, so I went back and re-did it, then finished off the rest of the path

Maybe start there with the troubleshooting, probably not a situation that happens often in regards to timing etc

Leaving/Rejoining path doesn't seem to work

Leaving/Rejoining path doesn't seem to work
@runic trench @spiral flame What do you mean sorry? Its showing 100% because you've completed every room. You wont get a tick on the pathway. It just means you've completed every room available.

Maybe this needs to be made more clear then

Im not sure how much clearer it needs to be? Its a pathway with rooms to be completed:) The only thing left to add is a certificate of completion

I can add a "Pathway Complete" at 100% perhaps

While you are at it, please fix: 😁 #site-bugs message

While you are at it, please fix: 😁 #site-bugs message
@median sapphire Can you explain what happened here? Did you complete every question in the room and it not give you the tick? Also what date did you complete the room.

Yeah, I completed every question in the room, and it's not showing up as completed in hacktivites, not sure about the date through
Not really that much of a major bug

The path says "39 hours, 21 rooms, 1 badges" however I have received 4 badges from the rooms within this path, so either it's not pulling badges from the contained rooms (would be 4 if this portion worked) or users are led to believe that "1 badges" are granted upon completion of the path. More clarification is needed, searching the forums shows another user with the same issue.

Ah okay, yeah the badges need updating - let me me get on that.

Thanks for reporting

I have no idea if this is a bug, or feedback, but: In "RP: Burp Suite" task 7.3 the question is: "Clicking 'Add to scope' will trigger a pop-up. What will Burp stop sending to the history following clicking 'Yes' on this?" Which implies that you have to answer what Burp stops sending to history, but the question doesn't need an answer - simply pressing "completed" is ok

Greetings I am doing XSS room and for some reason even if I successed with XSS word blacklisting stil not getting the flag

its weir

d

Not sure if it has been reported, but
when you leave a room with a machine on it doesn't terminate itself + that control panel will disappear.

Working through Advent of Cyber Day 11 (task 16). First time working with FTP and I keep getting "500 Illegal PORT command" when I try to use ls or dir after successfully logging in as anonymous. When I switch to passive mode and/or binary mode, I get invalid pasv_address. Nothing I could find online or in community help worked for me. I also attempted it using ncftp and filezilla with the same results.
Connected to 10.10.122.31.
220 (vsFTPd 3.0.2)
Name (10.10.122.31:danman5542): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command.
ftp: bind: Address already in use
ftp> pass
Passive mode on.
ftp> ls
500 OOPS: invalid pasv_address
Passive mode refused.

Known issue, use an EU VPN server for it

@soft copper hiii

@spiral flame You're the best, thanks

@everyone can you help me ???
in the TryHackMe: Common Linux Privesc i answer task 9 number #4 rigth but it said im wrong
i answer at first but it said im wrong the i put the wrong answer in the notepad
but then after i try and fail 20+ time i got curious about the first answer
and i answer that question with that answer again just for fun
but then it said it was the rigth answer
that mean i lost 60 poin for nothing
can you help me with that

Windows PrivEsc Arena; Can use TCM credentials to RDP into machine but when using user credentials, you authenticate but cannot RDP into the machine. Tried terminating and re-deploying twice with the same issue. Can someone confirm? I tried using Remmina and Vinagre

don't think that's right....

This hint doesn't make sense, or I am missing something?

i believe its to help beginners, if they dont know where to input the command

@lost wagon That was for a CTF, the CTF ended two-three days ago, THM was sponsoring the CTF.

🤷‍♂️

you have to run other commands in powershell before that

powershell, not cmd :3

haha idk man just guessing

:3

im not even sure that command runs in cmd

lemme check

hmm it does

@median sapphire ... ok but why does a 'writeup' go towards the signup page... like even if it was for a ctf it shouldn't be there now

it looks like a flag

It redirects to the dashboard, because it's not a writeup, it's a flag.

You'll also find a lot of them in the RP rooms.

again.. if it was for a ctf that ended... it should be gone 😛

But yeah they need to be removed.

When making a new room, this notification instructing you to assign tasks is now redundant because the "Assign" page doesn't exist and you now assign tasks all within managing the room

When making a new room, this notification instructing you to assign tasks is now redundant because the "Assign" page doesn't exist and you now assign tasks all within managing the room
@topaz venture Nice catch, updating that now

so uh i found an bug in profile where you can't link your personal website if its lets say ||https://medium.com/@elfmcskidy||

which means i can't link my medium profile as my personal website

remove the @ from the link, site should accept it and it will work

that was mentioned a while back,

@frosty cape mind looking at that?

yes it does accept but then when you click on the link it says the page doesn't exist @short jackal

which technicly means.... it needs to be fixed?

Let me fix that now:)

idk sorry if i sound rude or something :/

Fixed, will be made live next week when I next push the latest codebase

okay sounds good 😂

hi every one , i have question about webdav room (https://tryhackme.com/room/bsidesgtdav)
i found a hidden directory i cant bypass basic authentication
i can't find right username
any suggestion for bypass it ? or hint for other methode to complet this challenge

#room-hints #room-help @rugged shore

ah i am sorry

Hello there XSS room I am doing filter evansion and the Hello alert appears ,however i havent received any flags, I am trying everything now

Even if i receive flag its not valid

@covert kernel for now, URL encoding it should work

@jade stratus you didn't lose points. You were wrong, that's all.

oof

Possible ISSUE: If you click on extend button before the box is initialised(Kali RDP), It'll go to that error about disconnecting and going to home page(command center thingy).

Not really a bug, maybe this should be case sensitive (/room/rptmux)

Oh, we've asked for the ability to control the case sensitivity numerous times..

Another developer coming soon:)

@frosty cape how difficult would it be as a temporary fix to just turn off the regex for answers less than three characters long?

Ah, already here 😁

And fair enough ♥️

Nah but srsly, Ashu has scheduled a call for next week for the new potential developer

So lots of this smaller functionality can be implemented quicker.

@frosty cape how difficult would it be as a temporary fix to just turn off the regex for answers less than three characters long?
@orchid remnant And very easy

Ey! Sounds good 👍

carpe diem is 57 days old yet just released? is that because it was made and tested that long ago?

Correct 🙂

It was only tested and approved recently (perhaps about just shy of a week?)

all other released boxes show 1 day

that should reset although O.o

@frosty cape my blood was removed from Carpie Diem?

I put the flags back in, just wanted to let you know.

@frosty cape my blood was removed from Carpie Diem?
I wasn't on the room release today:) Maybe a room tester or the person who released the room reset points? I can look in our audit log to see who did it, but am deep in coding something new:)

Also sorry about (who ever your points got reset)

I did have a problem that when uploading vms it would sit at 0.00%. I saw on my local dns resolver that the domain s3-eu-west-1.amazonaws.com was getting blocked, and whitelisting that fixed the problem.

Just leaving this here if someone else might get the same problem

Banned from joining the new room. I think a few others are/were too.

Windows PrivEsc Arena: A note for all those who cannot log in as a user. Login as TCM. Call Computer Management, select the user under "Local User and Groups -> Users" and switch off the setting "User must change password at next logon".

Sorry new to tryhackme but I have found a bug. Do we submit them here or somewhere else?

Here is fine 🙂

Found a fault with the "Advent of Cyber" Room. Task 7 - Day 2 where we need to "Scan" the website for folders. Writeups mention finding a /sysadmin folder. But this does not appear when scanning. When attempting to visit the page you get a "Cannot GET /sysadmin" Error.

Task 2, question 23, looking back at this, there is a typo in the hint.
I've personally never heard the phrase 'two or "these" days'. 😄

Which room @median sapphire?

Sorry, forgot to post the link, here: https://tryhackme.com/room/bpsplunk

@bitter brook Make sure you're scanning the right room

I, uh, assume that's meant to be "two or three days"

Yep

It's a primer room, but given Dark ain't around, hopefully he won't mind

Fixed 👍

Thanks 🙂

@frosty cape loads of people can't join carpe

Room: Windows PrivEsc Arena -- RDP Login-- Cant RDP into box with given credentials. Admin credentials work fine but the supplied user creds do not

posted this issue before idk if anyone saw

@frosty cape loads of people can't join carpe
@spiral flame Oh really? As in can't join the room or can't access the machine?

Can't join the room

The Either already in or banned thing

I posted a screenshot above

https://discordapp.com/channels/521382216299839518/559443389058252800/721273590502260767

I posted a screenshot above
@strong pumice If you're having this issue DM with your username

I'll investigate Monday, at my parents house atm but can do a local fix on my laptop

hello why did my answer were inccorect but i all ready confirmend it was correct but it said it was wrong why???

Because it was wrong

@jade stratus How did you confirm that it was correct?

z-indexes broke

(Side note, would someone please get rid of that unread conversation for me? There are no unread conversations -- 0day broke that too)

@orchid remnant I reported the Z thing before

I thought I'd seen that -- hence not sticking it straight into submissions

Either way, quick reminder Skidy -- CSS broke

The room 'Jack' has a way too easy solution which is most likely not intended.
||As soon as you access the server, you're able to cat /root/root.txt without any privesc||

@jade stratus How did you confirm that it was correct?
@orchid remnant i write the code

I can't reach the supporting materials on a link. I get this instead:

for the learn linux room task 33 it asks us to create a directory and create a file called test1234 in that directory then run a binary to get the flag

but the files and directory are already there?

so run the binary to get the password

lol

Def not a bug but i can access every other page but "My Rooms"

try #site-support ?

@fresh tide Yeah, someone else was also having issues about this yesterday 🤔

I dont know but i have correctly entered my social information but still can get the option to share after completing a room. Apart from this that option to share automatically cant be accessed afterwards

Def not a bug but i can access every other page but "My Rooms"
@fresh tide Is this fixed now?

@fresh tide Is this fixed now?
@frosty cape No, still the same

This sounds like the same thing the guy yesterday was talking about. Was a solution found for that?

Yes:)

If they let me know their username I can hotfix it, otherwise they will have to wait until I next push the next THM codebase

Room: sudovulnsbypass
Task2: Typo >> "nothing" instead of "noting"

Fixed 👍

Writeup for https://tryhackme.com/room/rpburpsuite leads to the dashboard

that's one of the "writeups" used for the noobctf

^^^ noob{active_crawl_is_legendary!}

@olive drum Yeah, that's a flag for a CTF(thm sponsored), they need to be removed, they are spread out in the site(mostly rp rooms)

they were only on RP/BP rooms iirc

oh okay

hey

Room: Introductory Networking
[Task 6] #2 Ping blog.tryhackme.com

PING blog.tryhackme.com (104.26.11.229) - this IP is incorrect 😦

That might be because it was put under Cloudflare

No -- it was updated

Skidy said that the blog IP would not change

And indeed, it hasn't. Just checking the question now

The SSL cert for the blog expired today.

Skidy renewed it through.

Oh, wait

#522158404614225920 message

Blog'll be done through DO same as the main website, I assume

Those just had their IPs manually changed

Either way, question should now be fixed @wintry plank 🙂

@orchid remnant What does DO mean? 🤔

Digital Ocean

Ah, thanks!

Np 😁

Thanks a lot 🙂

what's up with this user's points? same amount without completing the whole room (no bloods)
the room is androidhacking101

Do those last questions give points @short jackal?

oh wait they don't, somehow didn't notice that

Not a bug I suppose, but in the complete beginner path under Network Security, the overview has the same thing written twice:

this isn't the correct answer lol I mistyped the flag but it still took it

room is c4ptur3th3fl4g